bugzilla/ansible/roles/apache/templates/reverse-proxy-vhost.conf.j2

<VirtualHost *:80>
    ServerName {{ server_name }}
    Redirect permanent / https://{{ server_name }}/
</VirtualHost>

<VirtualHost *:443>
    ServerName {{ server_name }}
    SSLEngine on
    SSLCertificateFile {{ ssl_cert }}
    SSLCertificateKeyFile {{ ssl_key }}

{% for loc in restricted_locations | default([]) %}
    <Location {{ loc.path }}>
{% for ip in loc.allowed_ips %}
        Require ip {{ ip }}
{% endfor %}
    </Location>
{% endfor %}

    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Ssl "on"
{% if websocket | default(false) %}
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/(.*) ws://{{ backend_host | default('127.0.0.1') }}:{{ backend_port }}/$1 [P,L]
{% endif %}
    ProxyPass / http://{{ backend_host | default('127.0.0.1') }}:{{ backend_port }}/
    ProxyPassReverse / http://{{ backend_host | default('127.0.0.1') }}:{{ backend_port }}/
</VirtualHost>